How Location-Based Apps Can Stave Off the ‘Creepy Factor’

Is a mysterious stranger scoping you out based on your social media check-ins? Photo: Jon Snyder/Wired.com

Sometimes an app pushes the boundaries of what’s socially acceptable — and it fails miserably. Such is the case with the most recent offender, the check-in-based pariah called Girls Around Me.

“In the mood for love, or just a one night stand?” the app’s website asks. The query wouldn’t be problematic if the app supported an opt-in dating service. But it doesn’t. It’s an app that was using public information from Foursquare check-ins and Facebook to provide voyeuristic, opportunistic gentlemen the chance to scope out local women.

“Was” is an operative word here. Foursquare pulled its API access because Girls Around Me was just too creepy (and violated their terms).

And so enters the controversy: All of the location data siphoned down by the app was willingly surrendered by Foursquare users. But the way the app used that data was inherently creepy, and highlighted the potential security risks of broadcasting one’s location across social media.

“Context is everything,” EFF digital rights analyst Rebecca Jeschke told Wired via email. “This may not be illegal, but app developers should note the public outcry — the consensus here is that this is, in fact, socially unacceptable and super creepy.”

But what is creepy? What precisely makes us feel creeped out about an app?

“I think it’s anything that allows somebody who you don’t know, or don’t interact with, or don’t want to interact with, to retrieve more information about you than you’re comfortable with,” Kevin Mahaffey, CTO and co-founder of Lookout Mobile Security told Wired. “That’s the trigger that borders on creepy in people’s minds.”

Color was another app that transitioned from cool to ick as users realized nearby strangers would be able to view their photos on the social network — and they could potentially get an eyeful of whatever that person wanted to share, as well.

Nick Doty, a Ph.D. student studying privacy and web standards at UC Berkeley’s School of Information, pointed out a few themes that arise among “creepy” apps.

“In some cases, it may just be a sense of surprise. The user isn’t aware information is being used in a particular way, and when they realize it’s being shared or used differently, that can feel like a violation,” Doty said. “In other cases, it can be the context. Information is shared in one context and reused in another one that’s unexpected or has a different implication.”

Girls Around Me is just one example of that fractured context scenario. Users willingly shared their information within Foursquare or Facebook, but were potentially unaware that this data could be used by third-party party boys.

Over-reaching advertising can also creep us out, Doty says. Say you’re using a restaurant search app, and you’re aware that it’s using your GPS location to help find businesses near you. You’re OK with that. But perhaps the app doesn’t also tell you that it’s using your location for another purpose: to help advertisers better create a profile of you for targeted advertising.

“That’s a pretty common problem — these secondary uses that don’t seem related to the app’s functionality,” Doty said.

Thus, transparency and user control are key to keeping an app from coming across as untrustworthy or creepy. Developers already have the tools to make sure users are aware of geolocation features in apps, and it’s incumbent on them to use them.

For apps that constantly transmit data, like Find My Phone, it would be helpful to regularly send texts or emails notifying the device owner of the continued data monitoring, Doty suggests, as tools like this are sometimes used by abusive ex-partners.

Mobile devices could also employ “ambient notice” features to let users know when location data is being shared. For example, when you’re using your iPhone’s compass, you can see the phone’s arrow symbol and know your device is currently using that feature. Similar signposting could be used for location services.

And, of course, dialog boxes that pop up upon first downloading an app give users a chance to opt-out of location data sharing. These could be augmented to disclose greater detail on what information is collected, and where it might end up. In fact, there are efforts to develop a voluntary code of conduct for location-based apps, according to Mark Uncapher, director of regulatory and government affairs at the Telecommunications Industry Association.

As for Girls Around Me, after Foursquare revoked access to its API, the app developers removed it from the App Store. But the app will be back, apparently. Product lead Vlad Vishnyakov told Wired via email that his company will be changing the application name to be gender neutral, and will make the app design “less provocative,” among other changes to meet Foursquare’s API requirements.

“Addressing these concerns is an important part of having a successful business model in the space,” Uncapher told Wired. “Consumers need to feel comfortable sharing information or they wont share it.”